6 Configuring Your Guest Instances for VPN Access
To make your guest Compute Classic instances accessible over VPN, you should attach them to the same IP network that the Corente Services Gateway instance is attached to.
- Download the sample orchestration, csg-sdn-guestinstance.json, which is included in the greconf_orchsamples.zip file at the following location: http://www.oracle.com/technetwork/topics/cloud/downloads/network-cloud-service-2952583.html.
- Open csg-sdn-guestinstance.json in a plain-text editor, and make the following changes:
  - Replace all occurrences of myidentitydomain with the ID of your identity domain.
  - Change all occurrences of john.doe@example.com to your user name.
  - Under the launchplan object type, update the following attributes:
    - Change the name, ha_policy, label, imagelist, and shape attributes to values of your choice. See Instance Attributes in Using Oracle Cloud Infrastructure Compute Classic.
    - Change ipnetwork to the name of the IP network that you created earlier and attached the Corente Services Gateway instance to. See Creating an IP Network.

      Here’s a partial example of an instance orchestration showing the networking attribute.

          {
            "networking": {
              ...
              "eth1": {
                "ipnetwork": "/Compute-acme/john@example.com/ipnet1",
                ...
              }
            }
          }
- Save and close the orchestration JSON file.
- Upload the orchestration to Compute Classic. See Uploading an Orchestration in Using Oracle Cloud Infrastructure Compute Classic.
- Start the orchestration. See Starting an Orchestration in Using Oracle Cloud Infrastructure Compute Classic.
- (Optional) If you specified multiple interfaces for the guest instance, and if one of those interfaces is attached to the Oracle-provided shared network, then you must explicitly configure the Corente Services Gateway as the gateway to the on-premises subnet. You don’t have to perform this additional step for instances that are only connected to the IP network and are not connected to the Oracle-provided shared network.

  Here’s a partial example of an instance orchestration showing the networking attribute with two interfaces: eth1 attached to the IP network that the cloud gateway is attached to, and eth0 attached to the Oracle-provided shared network with the IP address you had reserved earlier.

      ...
      "networking": {
        "eth0": {
          "seclists": [
            "/Compute-acme/john@example.com/mySecList"
          ],
          "nat": "ipreservation:/Compute-acme/john@example.com/ipres1"
        },
        "eth1": {
          "ipnetwork": "/Compute-acme/john@example.com/ipnet1",
          ...
        }
      }
On your guest instance, to configure the Corente Services Gateway as the gateway to the on-premises subnet, complete the following steps:
- Log in to the instance.
- Add a route:
  Note: You may need root or administrator privileges for this step.

  - Linux:

    Command syntax:

        ip route add onprem_subnet via cloud_gateway_ip

    Example:

        ip route add 10.248.64.176/28 via 172.31.200.1

  - Windows:

    Command syntax:

        route add onprem_subnet mask subnet_mask cloud_gateway_ip

    Example:

        route add 192.168.49.0 mask 255.255.255.0 172.31.200.1

  When you run this command, set cloud_gateway_ip to the first address in the IP network that the cloud gateway instance is attached to, and set onprem_subnet to the subnet address of the on-premises network. For example, if 172.31.200.0/24 is the IP address prefix of the IP network that is attached to the cloud gateway instance, then the cloud_gateway_ip is 172.31.200.1. If 192.168.0.128/25 is the IP address prefix of the IP network that is attached to the cloud gateway instance, then the cloud_gateway_ip is 192.168.0.129.

Note:
You must add this route every time the instance is rebooted or re-created. You can also configure the route to persist across reboots. For detailed instructions to configure the route to persist across reboots, refer to documentation for your operating system.
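
The optional route step above, as an added example that is not part of the Oracle documentation: it decides from a networking attribute whether the explicit route is needed, derives cloud_gateway_ip from the IP network prefix, and builds both route commands. The function names are hypothetical, the sample data is constructed from the values on this page, IPv4 is assumed, and an interface without an ipnetwork key is assumed to be on the shared network, as eth0 is in the sample.

```python
import ipaddress

# Constructed sample: the two-interface networking attribute shown on this
# page, with the "..." elisions left out.
SAMPLE_NETWORKING = {
    "eth0": {
        "seclists": ["/Compute-acme/john@example.com/mySecList"],
        "nat": "ipreservation:/Compute-acme/john@example.com/ipres1",
    },
    "eth1": {"ipnetwork": "/Compute-acme/john@example.com/ipnet1"},
}


def needs_explicit_route(networking):
    """True when the instance mixes IP-network and shared-network interfaces."""
    # Assumption: no "ipnetwork" key means the interface is on the shared network.
    on_ipnet = [name for name, cfg in networking.items() if "ipnetwork" in cfg]
    on_shared = [name for name, cfg in networking.items() if "ipnetwork" not in cfg]
    return bool(on_ipnet) and bool(on_shared)


def cloud_gateway_ip(ipnet_prefix):
    """First address in the IP network prefix, the rule stated on this page."""
    net = ipaddress.ip_network(ipnet_prefix, strict=True)
    return net.network_address + 1


def route_commands(ipnet_prefix, onprem_subnet):
    """Build the Linux and Windows commands, rejecting inconsistent input."""
    ipnet = ipaddress.ip_network(ipnet_prefix, strict=True)
    # strict=True rejects a prefix with host bits set (for example
    # 10.248.64.177/28), which is a host address rather than a subnet address.
    onprem = ipaddress.ip_network(onprem_subnet, strict=True)
    if onprem.overlaps(ipnet):
        # A route for a subnet that overlaps the IP network itself would
        # redirect local traffic through the gateway.
        raise ValueError(f"{onprem} overlaps the IP network {ipnet}")
    gw = cloud_gateway_ip(ipnet_prefix)
    return {
        "linux": f"ip route add {onprem} via {gw}",
        "windows": f"route add {onprem.network_address} mask {onprem.netmask} {gw}",
    }


if __name__ == "__main__":
    if needs_explicit_route(SAMPLE_NETWORKING):
        for os_name, cmd in route_commands("172.31.200.0/24", "10.248.64.176/28").items():
            print(f"{os_name}: {cmd}")
```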